From: Vsevolod Stakhov Date: Tue, 20 Nov 2018 16:59:41 +0000 (+0000) Subject: [Feature] Allow to require encryption when accepting connections X-Git-Tag: 1.8.3~87 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dc09c49cad817ea3ef9616a7e40f920aff63b1a7;p=thirdparty%2Frspamd.git [Feature] Allow to require encryption when accepting connections --- diff --git a/src/worker.c b/src/worker.c index 544f05cbd4..9778cee088 100644 --- a/src/worker.c +++ b/src/worker.c @@ -342,7 +342,7 @@ accept_socket (gint fd, short what, void *arg) struct rspamd_worker_ctx *ctx; struct rspamd_task *task; rspamd_inet_addr_t *addr; - gint nfd; + gint nfd, http_opts = 0; ctx = worker->ctx; @@ -386,10 +386,14 @@ accept_socket (gint fd, short what, void *arg) /* TODO: allow to disable autolearn in protocol */ task->flags |= RSPAMD_TASK_FLAG_LEARN_AUTO; + if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE)) { + http_opts = RSPAMD_HTTP_REQUIRE_ENCRYPTION; + } + task->http_conn = rspamd_http_connection_new (rspamd_worker_body_handler, rspamd_worker_error_handler, rspamd_worker_finish_handler, - 0, + http_opts, RSPAMD_HTTP_SERVER, ctx->keys_cache, NULL); @@ -547,30 +551,13 @@ init_worker (struct rspamd_config *cfg) rspamd_rcl_register_worker_option (cfg, type, - "http", + "encrypted_only", rspamd_rcl_parse_struct_boolean, ctx, - G_STRUCT_OFFSET (struct rspamd_worker_ctx, is_http), + G_STRUCT_OFFSET (struct rspamd_worker_ctx, encrypted_only), 0, "Deprecated: always true now"); - rspamd_rcl_register_worker_option (cfg, - type, - "json", - rspamd_rcl_parse_struct_boolean, - ctx, - G_STRUCT_OFFSET (struct rspamd_worker_ctx, is_json), - 0, - "Deprecated: always true now"); - - rspamd_rcl_register_worker_option (cfg, - type, - "allow_learn", - rspamd_rcl_parse_struct_boolean, - ctx, - G_STRUCT_OFFSET (struct rspamd_worker_ctx, allow_learn), - 0, - "Deprecated: disabled and forgotten"); rspamd_rcl_register_worker_option (cfg, type, 
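Review bot: The new `if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE))` check in accept_socket exempts every peer whose address looks local, so `encrypted_only` is not enforced for traffic relayed through a proxy or tunnel on the same host. The worker sees only the relay's address in that case. That exemption is a policy decision and should be stated where it is made, e.g. `/* Local peers are exempt; behind a local proxy every client looks local */` above the `if`. The comment should also say what the `FALSE` argument selects, which the hunk does not show. accept_socket starts and ends outside the hunk.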
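Review bot: The `encrypted_only` option registered in init_worker keeps the description string of the `http` option it replaces, `"Deprecated: always true now"`. Any help or documentation built from that string would tell operators that a security setting is deprecated and always on, while the field is only set from configuration. Change the last argument to something like `"Require encrypted requests from non-local clients"`. The same hunk drops the `http`, `json` and `allow_learn` options; whether an existing config that still sets them now fails to load is not visible here and is worth checking. init_worker continues outside the hunk.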
diff --git a/src/worker_private.h b/src/worker_private.h index fe4a6c4b39..f07a95b412 100644 --- a/src/worker_private.h +++ b/src/worker_private.h @@ -40,12 +40,8 @@ struct rspamd_worker_ctx { struct timeval io_tv; /* Detect whether this worker is mime worker */ gboolean is_mime; - /* HTTP worker */ - gboolean is_http; - /* JSON output */ - gboolean is_json; - /* Allow learning through worker */ - gboolean allow_learn; + /* Allow encrypted requests only using network */ + gboolean encrypted_only; /* Limit of tasks */ guint32 max_tasks; /* Maximum time for task processing */
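Review bot: The field comment `/* Allow encrypted requests only using network */` on `encrypted_only` does not mention that local peers are exempt, which is how accept_socket in src/worker.c applies the flag. A reader of the struct alone would assume the flag covers every connection. Suggest `/* Require encryption for requests from non-local peers */`. struct rspamd_worker_ctx starts and ends outside the hunk.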